[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] booting debian/stretch as EFI guest on Xen 4.9.0 host -- ​\EFI\debian\grubx64.efi "not recognized"?

On 10/18/17 8:22 AM, Robert McNicol wrote:
>> Shell> vmlinuz rw root=/dev/xvdg initrd=\initrd.gz
>>      Script Error Status: Security Violation (line number 1)
>>      Shell>
> If I understand correctly, secure boot looks for a signed binary to execute. 
> That signature has to chain back to a Microsoft key. Debian doesn’t play 
> proprietary. I have been reading that they are making efforts to become 
> secure boot compatible, but its not there yet. So that message makes sense.

I was just reminded by *suse folks,

"By default, openSUSE uses "/usr/share/qemu/ovmf-x86_64-ms.bin" which
enables secureboot and contains the MS certificates as the machines in
the wild. If you don't need it, try to add the following line to your
config file:

bios_override = '/usr/share/qemu/ovmf-x86_64.bin' 

which, if you take a look at my .cfg from earlier post ( 
https://lists.xen.org/archives/html/xen-users/2017-10/msg00051.html ), is 
already what I'm using.

With that, that 'Security Violation' message makes a lot less sense :-/

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.